Information Security Policy


The Government of British Columbia is committed to providing services to citizens that are efficient and secure.  Through the adoption of new technologies, the government seeks to provide improved services while maintaining the security of government information assets. 

About the Information Security Policy (ISP)

The Information Security Policy V4.0 (PDF) has been updated, it is now:

  • Easier for users to understand
  • Structured so that key information is easy to find
  • Shorter and more accessible.

The ISP 4.0 (PDF) provides the foundation for the information security governance program, which includes standards, procedures, training and awareness material, all of which are used to protect government information and information systems

‘Security is everyone’s responsibility’  

All employees need to be aware of their responsibilities to safeguard government information. The Information Security Policy supports security requirements in the Freedom of Information and Protection of Privacy Act and the Information Management Act.

Supplemental to the B.C. government Core Policy and Procedures Manual and the Appropriate Use Policy, this policy provides the framework for government organizations to establish local policies and procedures necessary for the protection of information and technology assets for the Province of British Columbia.

The Office of the Chief Information Officer is responsible for developing, communicating, and implementing the Information Security Policy across government, however, each ministry determines how to apply the policy to their business operations.

This policy is available to all ministries and remains in use across government today. The policy has also been shared with select vendors who work with the Province to identify new security requirements as needed.

Each ministry has a Ministry Information Security Officer who can answer general questions on protecting information specific to their ministry.

What is the impact on government staff and stakeholders?

We expect that all staff and stakeholders, regardless of their knowledge of technology, will be able to read ISP v4.0 and understand the BC government’s responsibilities and the overall intent of the security controls relating to the protection of government information and information systems.

Staff and stakeholders who need access to more specific details, including technical security control details, are able to find appropriate links within the new ISP to other government policies, standards and processes. Initially, all of the technical security control details in the previous version of ISP (3.0) will be republished and available in the Information Security Standard.

For further information, please contact your MISO.